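// Source: github.com/aarzilli/tools@v0.0.0-20151123112009-0d27094f75e0/appengine/login/user.go

// Package login wraps the appengine user inside cookie name SACSID,
// as opposed to gitkit user wrapped inside SESSIONID.
package login

import (
	"bytes"
	"fmt"
	"html"
	"net/http"

	"github.com/pbberlin/tools/net/http/htmlfrag"

	"appengine"
	"appengine/user"
)

// UserFromReq returns the user attached to the request together with a
// human-readable trace of which lookups succeeded or failed.
//
// user.Current is consulted first. When it yields nil, the result of
// user.CurrentOAuth (called with an empty scope) is used instead. The
// returned user is nil when neither lookup produced one.
//
// NOTE(review): the OAuth fallback accepts whatever user CurrentOAuth
// returns; nothing here restricts which OAuth client made the request.
// Callers that base authorization on the result (see CheckForAdminUser)
// should confirm that this is acceptable.
func UserFromReq(r *http.Request) (*user.User, string) {
	c := appengine.NewContext(r)
	uType := ""

	// The trace labels this lookup "OAuth1"; presumably it is the
	// cookie-based sign-in mentioned in the package comment. The strings
	// are runtime output and are kept unchanged.
	u := user.Current(c)
	if u == nil {
		uType += "OAuth1 fail "
	} else {
		uType += "OAuth1 succ "
	}
	uType += "\n"

	u2, err := user.CurrentOAuth(c, "")
	if err != nil {
		uType += fmt.Sprintf("OAuth2 fail: %v", err)
	}
	if u2 != nil {
		uType += "OAuth2 succ "
	}
	uType += "\n"

	if appengine.IsDevAppServer() {
		// u2 may be nil here (for instance when CurrentOAuth returned an
		// error), so guard the field access instead of panicking.
		if u2 != nil && u2.Email == "example@example.com" {
			// Discard the dev server's placeholder OAuth user.
			uType += fmt.Sprintf("OAuth2 reset %q. ", u2.Email)
			u2 = nil
		}
		uType += "CurrentOAuth() always exists on DEV system."
	}

	// Fall back to the OAuth user only when the first lookup found nobody.
	if u == nil {
		u = u2
	}

	return u, uType
}

// CheckForNormalUser reports whether the request carries any signed-in user.
// It returns the decision, the user (nil when denied) and a message that
// explains the outcome.
//
// On the development server every request is granted a fabricated admin
// user. appengine.IsDevAppServer is the only guard on that bypass, so the
// check is only meaningful where that call returns false.
func CheckForNormalUser(r *http.Request) (bool, *user.User, string) {
	if appengine.IsDevAppServer() {
		return true, &user.User{Email: "dev@server.com", Admin: true, ID: "32168"}, "DevServer login granted"
	}

	u, msg := UserFromReq(r)
	if u == nil {
		msg = "google appengine oauth required - normal rights - no login found\n" + msg
		return false, nil, msg
	}

	return true, u, msg
}

// CheckForAdminUser reports whether the request carries a signed-in user
// whose Admin flag is set. It returns the decision, the user (nil when
// denied) and a message that explains the outcome.
//
// On the development server every request is granted a fabricated admin
// user. appengine.IsDevAppServer is the only guard on that bypass, so the
// check is only meaningful where that call returns false.
//
// NOTE(review): the user may come from the OAuth fallback in UserFromReq;
// confirm that an Admin flag obtained that way should grant admin rights.
func CheckForAdminUser(r *http.Request) (bool, *user.User, string) {
	if appengine.IsDevAppServer() {
		return true, &user.User{Email: "dev@server.com", Admin: true, ID: "32168"}, "DevServer login granted"
	}

	u, msg := UserFromReq(r)

	if u == nil {
		msg = "google appengine oauth required - admin rights - no login found \n" + msg
		msg = "use /appengine/login\n" + msg
		return false, nil, msg
	}
	// u is known to be non-nil from here on.
	if !u.Admin {
		msg = "google appengine oauth required - admin rights - login found without admin \n" + msg
		msg = "use /appengine/login\n" + msg
		return false, nil, msg
	}

	// if u.ID != "108853175242330402880" && u.ID != "S-1-5-21-2175189548-897864986-1736798499-1000" {
	// }

	return true, u, msg
}

// login shows the sign-in status and a login or logout URL.
//
// Every value derived from the request or the user record is HTML-escaped
// before it is written into the page.
func login(w http.ResponseWriter, r *http.Request) {
	r.Header.Set("X-Custom-Header-Counter", "nocounter")

	c := appengine.NewContext(r)
	u, uType := UserFromReq(r)

	// Resolve the link before any header or body is written: http.Error
	// cannot change the status code once WriteHeader has been called.
	var (
		link string
		err  error
	)
	if u == nil {
		link, err = user.LoginURL(c, r.URL.String())
	} else {
		link, err = user.LogoutURL(c, r.URL.String())
	}
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-type", "text/html; charset=utf-8")
	// NOTE(review): 302 is sent without a Location header (the redirect
	// below is commented out); the status is kept as the original had it.
	w.WriteHeader(http.StatusFound)

	if u == nil {
		fmt.Fprintf(w, "%v<br>\n", html.EscapeString(uType))

		// forward to login
		// w.Header().Set("Location", url)

		fmt.Fprintf(w, "<a href='%v'>login</a><br>", html.EscapeString(link))
	} else {
		// this never gets executed on the dev server
		fmt.Fprintf(w, "Hello, %v, %v, %v, %v!<br>\n",
			html.EscapeString(fmt.Sprint(u)),
			html.EscapeString(u.ID),
			html.EscapeString(u.Email),
			html.EscapeString(u.FederatedIdentity))
		fmt.Fprintf(w, "Login type <pre>%v</pre><br>\n", html.EscapeString(uType))
		fmt.Fprintf(w, "<a href='%v'>logout</a><br>", html.EscapeString(link))
		urlLogoutDocumented := "/_ah/login?action=logout"
		fmt.Fprintf(w, "<a href='%v'>%v</a><br>", urlLogoutDocumented, urlLogoutDocumented)
	}

	// Fprint, not Fprintf: the dump is data, and a '%' inside a cookie must
	// not be interpreted as a format verb.
	// NOTE(review): this echoes the request's cookies into the page, which
	// presumably includes the session cookie. Confirm that CookieDump
	// HTML-escapes names and values, and consider limiting the dump to
	// development or admin use.
	fmt.Fprint(w, htmlfrag.CookieDump(r))
}

// InitHandlers registers the login page under /appengine/login on the
// default HTTP mux.
func InitHandlers() {
	http.HandleFunc("/appengine/login", login)
}

// BackendUIRendered returns the backend UI entry for this package rendered
// to HTML - not only the strings for title and url.
func BackendUIRendered() *bytes.Buffer {
	b := new(bytes.Buffer)
	htmlfrag.Wb(b, "Login AppEngine", "/appengine/login", "opposite of gitkit login")
	return b
}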